2 iexplore.exe in task manager tries to connect to malware site

Hello, I started having problems with my internet 2 days ago. First I couldn't connect to the internet at all, I tried pretty much everything and after deleting my recently updated ad-aware I was able to reconnect again. I still had avast and that started occasionally prompting a warning where the infection details were as follows

As you see, I opened the attachment and pasted it in your post. The author put the 'do not post' and the 'zip' directions in the Attach.txt log and we can't remove it. However, we added instruction to ignore this and paste it in- so I did some housekeeping. I also deleted the link you left.

About your problem:
The domain beagleabschirmkiste.de is in Germany. McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution. What I don't know is if this was an attempt to access your system that was blocked, or whether something in your system is attempting to access the site on the internet. The former is normal and the AV is doing what it should. The latter would indicate that there is malware in the system to be found and removed.

About multiple iexplore.exe:
If you have IE8, it is normal to have 2 or more of these processes in the Task Manager. But since malware can hide in almost every process, we will take that into consideration.

Did you run GMER? Log?

I would like you to temporarily remove the CD emulators as they can interfere with the scans. This would be Daemon Lite and I think also include Astroburn. To disable CD Emulation programs using DeFogger please perform these steps:

. Once downloaded, double-click on the DeFogger icon to start the tool.

. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers

. When it prompts you whether or not you want to continue, please click on the Yes button to continue

. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.

. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.


=======================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan:

Uninstall directions, if needed

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.

Note: No query will be made if the Recovery Console is already on the system.

Close any open browsers.

Before you run the Combofix scan, please disable any security software you have running.
(If you need help with this, please see HERE)

Click on Yes, to continue scanning for malware

If Combofix asks you to update the program, allow

When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.

Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

Open Eset Smart Installer
[o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
[o] Double click on the desktop icon to run.
[o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window

Continue with the directions.

Check 'Yes I accept terms of use.'

Click Start button

Accept any security warnings from your browser.

Uncheck 'Remove found threats'

Check 'Scan archives'

Leave remaining settings as is.

Press the Start button.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.

When the scan completes, press List of found threats

Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.

Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==================================================
My Guidelines: please read and follow:

Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.

Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.

If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.

File sharing programs should be uninstalled or disabled during the cleaning process.

Observe these:
[o] Don't follow directions given to someone else
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.

Threads are closed after 5 days if there is no reply.

Please leave the logs for Combofix and the Eset scan in your next reply.

Update on the situation, yesterday I lost my connection for around 5 minutes again. The symptom is that every time I try to open a site, it won't even try to load. Windows does say I'm connected though but running Internet Explorer's troubleshooter I get "The remote device or resource won't accept the connection." I forgot to mention that earlier.

Also last time avast blocked the connection to the beagle.de site, my sound card's drivers were the ones trying to connect there.

Please refer to THIS Microsoft site. Go through the 6 recommended methods to resolve the issue.
--------------------------------------
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Per this Combofix scan the contents of the Qoobox folder:
CoreDB: 2-way integration with Techlog in order to exchange, locate and question data. Generate inventories
\LicenseValidator.exe
It appears they are related to Divine IT Limited with description "a pioneer company specializing in enterprise, telecom and End user software in Bangladesh." Among its functions are payroll, wages, salary, resource planning.

These are for work, yes? Do you have an IT in the office? Because Combofix wants these entries out. If they are work-related, if they are clean, the IT is the one to determine that.
====================
Directions in Combofix:

Before you run the Combofix scan, please disable any security software you have running.

The 6 methods didn't work back when I tried everything at first. And this losing of internet only happened twice after it for a period of minutes.

This is also my own personal computer at home, no work related stuff on here. Those corporate things you mentioned about Bangladesh and all I have no idea what they are and I'm inclined to believe they're related to the malware stuff.

Also when combofix reboots my pc, avast opens automatically, otherwise it was disabled.

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply>> you won't have a full Combofix log, just one for the DeQuarantine. Let's make sure that gets your overclocking back.

FYI:
IP Address: 91.205.41.227 ISP: Dragonara Alliance Ltd.
IP Address: 91.224.160.206 Organization: Bergdorf Group Ltd.
IP Address: 95.211.136.71 ISP: LeaseWeb B.V. Location: Amsterdam, Netherlands
IP Address: 146.185.18.114 ISP: Unknown Organization: Hosting Services
IP Address: 88.85.93.34 is invalid
======================================================
Security programs capable of blocking have sites listed within them to block, or may block a site with an invalid IP or if it doesn't recognize the IP. If a block is happening to a legitimate IP, then you open the program and enter the IP as an exception, such as for your sound card. The security programs usually have a section where you can uncheck the 'alert me to the block.'

Please find that section and uncheck it.

Any process that starts on boot and runs in the background that has the capability of accessing the internet may try to access it whether you're using the system or not. For instance, all the auto-updates you have running will be accessing the internet several times a day, every day, looking for updates. That's one reason why you should keep the startup processes to a minimum.

You have an exceptional amount of traffic: 87 processes for C:\Users\Gasoline\AppData\Local\{CLSD}>> =============== Created Last 30 ================! And you are using file sharing> µTorrent.

Remove all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted
[o] Click START> then RUN
[o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download OTCleanIt by OldTimer and save it to your Desktop.
[o] Double click OTCleanIt.exe.
[o] Click the CleanUp! button.
[o] If you are prompted to Reboot during the cleanup, select Yes.
[o] The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Set a new, clean Restore Point
[o] Click on Start> right click on Computer> Properties
[o] Select System Protection
[o] Click on the Create button (near bottom)
[o] Type a name for the Restore Point
[o] Click on Create again to save the restore point.

Deleting all but the most recent System Protection point in Windows 7
[o] Click Start> Computer> right click the C Drive and choose Properties> enter.
[o] Click Disk Cleanup from there.
[o] Click Clean up system files
This restarts Disk Cleanup to run in elevated mode.
[o] Click the More Options tab
[o] Click the Clean up under System Restore and Shadow Copies.
[o] Click OK.
[o] You will get a confirmation screen> Just click Delete.
[o] Click OK on the Disk Cleanup Screen.
[o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot of System Restore points, you will see a significant change in the free space in C drive)
Images courtesy lytebyte.
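
Added example (not part of the original thread or any poster's instructions): the question raised early in the thread, whether a blocked connection was an outside attempt that was stopped or something on the machine reaching out, can be checked by matching `netstat -ano` output against `tasklist /fo csv /nh`. The sample outputs, local addresses and PIDs below are constructed; the flagged addresses are the ones in the thread's FYI list, and treating "local port is a listening port" as inbound is a heuristic assumed here.

```python
import csv
import io

# Remote addresses taken from the FYI list in the thread.
FLAGGED = {"91.205.41.227", "91.224.160.206", "95.211.136.71",
           "146.185.18.114", "88.85.93.34"}

# Constructed sample of `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       804
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    192.168.1.20:49210     95.211.136.71:80       ESTABLISHED     3120
  TCP    192.168.1.20:49215     203.0.113.10:443       ESTABLISHED     2288
  TCP    192.168.1.20:49222     91.205.41.227:80       SYN_SENT        3120
  TCP    192.168.1.20:3389      91.224.160.206:51514   ESTABLISHED     1044
  UDP    0.0.0.0:5355           *:*                                    1332
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''"svchost.exe","804","Services","0","8,200 K"
"svchost.exe","1044","Services","0","12,004 K"
"iexplore.exe","2288","Console","1","60,300 K"
"iexplore.exe","3120","Console","1","45,120 K"
'''

def parse_tcp(netstat_text):
    """Return (local, remote, state, pid) for every TCP row."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            rows.append((parts[1], parts[2], parts[3], int(parts[4])))
    return rows

def flagged_connections(netstat_text, tasklist_text, flagged=FLAGGED):
    """List connections to flagged addresses with direction and owning process."""
    names = {int(r[1]): r[0]
             for r in csv.reader(io.StringIO(tasklist_text)) if len(r) >= 2}
    rows = parse_tcp(netstat_text)
    # Ports this machine listens on; a flagged peer on one of them came in from outside.
    listening = {l.rsplit(":", 1)[1] for l, _, s, _ in rows if s == "LISTENING"}
    hits = []
    for local, remote, state, pid in rows:
        if state == "LISTENING" or remote.rsplit(":", 1)[0] not in flagged:
            continue
        direction = "inbound" if local.rsplit(":", 1)[1] in listening else "outbound"
        hits.append((direction, names.get(pid, "?"), pid, remote, state))
    return hits
```

An "outbound" hit names the local process that opened the connection, which is the case the thread treats as a sign of malware on the system; an "inbound" hit is a remote host reaching a port the machine already exposes.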